EVENT MANAGEMENT SYSTEMS
Abstract
According to an example, an event management system determines context for received events. The event management system generates a context query for an event including event data and transmits the context query to a context determination service. Context may be determined from query results provided by the context determination service.
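The flow the abstract describes, as an added Python example that is not taken from the patent. The in-memory `context_service`, the field names and the sample events are constructed assumptions; the example also covers the cases where no context is appended (no usable query data, service error, mismatched or empty results).

```python
import ipaddress

# Constructed stand-in for the context determination service's knowledge:
# an in-memory lookup. A real service would sit behind a network call.
CONSTRUCTED_CONTEXT_DB = {
    ("src_ip", "203.0.113.7"): {"label": "known scanner", "severity": "high"},
    ("user", "svc-backup"): {"label": "service account", "severity": "info"},
}
QUERY_FIELDS = ("src_ip", "user")  # assumed: event fields worth querying on

def identify_query_data(event):
    """Pick the event data to include in the context query."""
    data = {f: event[f] for f in QUERY_FIELDS if event.get(f)}
    if "src_ip" in data:
        try:
            ipaddress.ip_address(data["src_ip"])
        except ValueError:
            del data["src_ip"]  # malformed address: nothing useful to query
    return data

def context_service(query):
    """Constructed service: answers a query with zero or more context records."""
    hits = [CONSTRUCTED_CONTEXT_DB[kv] for kv in query["data"].items()
            if kv in CONSTRUCTED_CONTEXT_DB]
    return {"query_id": query["id"], "results": hits}

def enrich(event, service=context_service):
    """Generate and send a context query; append context only if one is returned."""
    data = identify_query_data(event)
    if not data:
        return event  # no usable data, so no query is generated
    query = {"id": event["id"], "data": data}
    try:
        reply = service(query)
    except OSError:
        return event  # service unreachable: keep the event as received
    if reply.get("query_id") != query["id"]:
        return event  # results belong to another query: do not attach them
    contexts = [c for c in reply.get("results", []) if c.get("label")]
    if not contexts:
        return event  # query results contain no context
    return {**event, "context": contexts}  # new dict; stored event is not mutated

# Constructed sample events from three different sources.
EVENTS = [
    {"id": "e1", "source": "firewall", "action": "deny", "src_ip": "203.0.113.7"},
    {"id": "e2", "source": "auth", "action": "login", "user": "alice"},
    {"id": "e3", "source": "ids", "action": "alert", "src_ip": "not-an-ip"},
]
```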
15 Claims
1. An event management system comprising:
- a data storage device to store events received from a plurality of event data sources; and
- at least one processor to
  - identify data for at least one received event to include in a context query;
  - generate the context query including the identified data;
  - transmit the context query to a context determination service;
  - receive query results of the context query from the context determination service;
  - determine whether a context is provided in the query results, wherein the context describes additional meaning for the at least one event; and
  - append the context to the at least one event in response to determining the query results include the context.

Dependent claims: 2, 3, 4, 5, 6

7. A security information and event management system comprising:
- a network interface to receive events from network devices and computers via a network, wherein each event includes event information describing an action associated with one of the network devices or computers;
- a data storage device to store the received events; and
- at least one processor to
  - for each event, determine whether to generate a context query for the event based on event data for the event, and in response to determining to generate the context query, generate and transmit the context query for the event to a context determination service, wherein the context query includes the event data or other data associated with the event;
  - receive query results from the context determination service based on the context queries;
  - determine contexts from the query results for the events for which the context queries were transmitted to the context determination service; and
  - determine from the event data and the contexts whether the events are associated with a security threat.

Dependent claims: 8, 9, 10, 11, 12, 13, 15

14. A non-transitory computer readable medium including machine readable instructions executable by at least one processor to:
- receive an event at a management system;
- identify data for the event to include in a context query;
- generate and transmit a context query, including the identified data, to a context determination service;
- receive query results for the context query from the context determination service;
- determine context for the event from the query results; and
- append the context to event data for the event.